Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Sep 2015 15:02:06 +0200
From: MinRK <benjaminrk@...il.com>
To: oss-security@...ts.openwall.com
Cc: security <security@...thon.org>, Kyle Kelley <rgbkrk@...il.com>, 
	Jonathan Kamens <jkamens@...ntopian.com>, Scott Sanderson <ssanderson@...ntopian.com>
Subject: CVE Request: Maliciously crafted text files in IPython/Jupyter editor

Email address of requester: security@...thon.org, benjaminrk@...il.com,
rgbkrk@...il.com, jkamens@...ntopian.com, ssanderson@...ntopian.com

Software name: IPython notebook / Jupyter notebook
Type of vulnerability: Maliciously forged file
Attack outcome: Possible remote execution

Vulnerability: A maliciously forged file opened for editing can execute
javascript, specifically by being redirected to /files/ due to a failure to
treat the file as plain text.

Affected versions:

- IPython 3.0 ≤ version ≤ 3.2.1
- notebook 4.0 ≤ 4.0.4

URI with issues:

- GET /edit/**

Patches:

- IPython 3.x: 0a8096adf165e2465550bd5893d7e352544e5967 (
https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967
)
- Jupyter 4.0.x: 9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5 (
https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5
)

Mitigations:

Upgrade to IPython/Jupyter notebook 4.0.5, 4.1 or 3.2.2 once available.
If using pip,

    pip install --upgrade "ipython[notebook]<4.0"  # for 3.2.2
    pip install --upgrade notebook # for 4.1 or 4.0.5

For conda:

    conda update conda
    conda update ipython "ipython-notebook<4.0" # for 3.2.2
    conda update notebook # for 4.1 or 4.0.5

Vulnerability reported by Jonathan Kamens at Quantopian

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ